The Flame Reality & Swiss Cheese Security
June 22, 2012
By Roger Thompson

Two articles appeared overnight that got me thinking. The first is a Reuter’s piece that says Iran has discovered and preempted a “massive, new cyber attack”. No real details are available, so it might be so, or it might not. It might even just be talking about Flame. http://www.reuters.com/article/2012/06/21/us-iran-cyber-nuclear-idUSBRE85K1EA20120621

The second was another Reuter’s offering that notes that our friends at Symantec had found a module in Flame that deletes data. http://blogs.reuters.com/jim-finkle/

Neither of these things should be a surprise to anyone.

Missing the point

Some l33t folk are calling Flame “lame”, and saying it’s overblown, but they are missing the point that it was apparently on victim computers for at least a couple of years, undetected.

It doesn’t matter that it was not a sleek, zero-day filled, cross-platform infecting rootkit, like Stuxnet.
It doesn’t matter that it was 20mb of bloatware.

Because it was undetected, and capable of installing whatever code it liked whenever it wanted - no one knows what it might have installed during that time. And as I’ve said before…

The worst hack is the one you don’t know about.
So what does this mean to everyone?

It means we have to put our guard up
We may be confident that any country, or terrorist group, with a grudge against any other country, is now trying to muster its technical resources to get in this game, even if they weren’t already.

How do we put our guard up?

We still need antivirus, even though it didn’t detect Flame or Stuxnet, and antivirus developers need to focus on their behavior detection more than just their signature detection. This will be a good thing anyway, as it will have a mitigating effect on cyber criminals and bot herders.

Swiss cheese security

The main thing, however, is to defend in depth. The way to think about security is to think about a slice of Swiss cheese. Any given slice is full of holes, but if you get several slices, and lay them on top of each other, they cover each other’s holes.

What do you think?

Folks, do you think we need more layers - or for that matter, different layers?

 

Comments

Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.